Blogging about international AML/CFT standards and implementation

A preview of the FATF approach to risk

At the time of writing, the FATF has not published its paper on national risk assessments, one of the most eagerly awaited outcomes of the plenary in Paris last week, certainly for FATF Watchers. The FATF has published its revised paper on financial inclusion and interestingly enough that quotes from the as yet unpublished paper – referenced as ‘FATF(2013) National Money Laundering/Terrorist Financing Risk Assessment, FATF, Paris’. It also includes references to two other papers with the same date, ‘FATF (2013a) Guidance on PEPs, FATF, Paris, forthcoming’ and FATF (2013b), Guidance on New Payment Products and Services, FATF, Paris, forthcoming’. Oddly, these two papers are not mentioned in the published outcomes from the February plenary.

So what can we glean from the references in the financial inclusion paper, which start at paragraph 42 on page 19? Well, the FATF is taking a standard approach of defining risk as a function of three factors: threat, vulnerability and consequence. This was implicit in the 2007 FATF paper on the risk-based approach, but it appears to be explicitly spelled out in the forthcoming guidance. There is also a three-stage approach to risk assessment: identification, analysis and evaluation. It is suggested in the paper that the UNODC’s Guidance on the preparation and use of Serious and Organised Crime Threat Assessments (SOCTA) might act as a precursor to the AML/CFT threat assessment (it is worthwhile noting in the context of FATF evaluations being due to start later this year that the UNODC suggest a good SOCTA will take six months to produce).

One of the few tools available to help with AML/CFT national risk assessment until now has been template in the Strategic Implementation Planning (SIP) Framework, developed by the Asia-Pacific Group (APG) and the World Bank. According to the Financial Inclusion paper, the SIP is in the process of being updated to reflect the revised FATF Recommendations – an outline of the SIP Framework can be found in Annex 6, along with some other examples of risk assessment tools. The template, a fairly simple spreadsheet-based tool, will no doubt be useful for lower capacity countries in particular.

Much of the Financial Inclusion paper is concerned with differentiating between ‘low’ and ‘lower’ risk, which is a subtle distinction drawn from the wording of the FATF standards, but does appear somewhat confusing. As the paper states, in a footnote:

«Low risk » situations refer to cases that may qualify for an exemption from the FATF Recommendations, while a simplified AML/CFT regime may apply to “lower risks” cases.

It is not clear from the extracts published if the forthcoming paper on risk assessment will provide guidance on measuring risk, particularly if there is to be this distinction between ordering risks (higher and lower risks) and categorising them (proven low risk). The risk analysis process is broadly described as gaining an understanding of risks “to work toward assigning some sort of relative value or importance” (our emphasis). We shall have to wait for the publication of the paper for more details.